Wednesday, December 16, 2020

Adrozek

A cross-browser campaign is currently on the Internet.

Affects all browsers, probably on all platforms.

As more and more is on our networks, there will be more and more threats to steal or copy credentials for financial gain for the bad gals/guys and financial ruin for us.

This one has been named Adrozek by researchers at Microsoft.

It has been found to perform unwanted ad injection in search results. It is capable of much more, credential stealing or copying for example. If you have stored credentials in a browser for a digital wallet for digital currency, a financial institution, on-line shopping, etc., you might consider changing the passphrases/passwords and storing the credentials in a more secure location: a password manager, password hints in a safe, etc.

Monitor, monitor, monitor. Do you recognize all of the browser helper objects, browser extensions and browser add-ons in all of your browsers? Do you use separate and secured browser instances for financial access?
Do you keep your software, applications, firmware, alerts, security suite signatures, and other defenses up to date?

When discovered, Adrozek was infecting 30,000 devices a day.

Adrozek disables browser updates, establishes a Windows service, and performs other harmful actions. Once a malware tool is released, other actors can modify its actions to do greater harm.

Microsoft Defender (formerly known as Windows Defender) has signatures to detect and attempt to clean infected Windows PCs. Browsers on other platforms (macOS, Linux, BSD, etc.) are vulnerable as well.

To protect your platforms, use standard and proven cyber defenses and hygiene.

A suggestion for Windows: use Windows Update to obtain the most current Defender signature updates. Then perform a full scan of all volumes.

Then Windows Security -> Virus and threat protection -> Full scan

Be aware a full scan can take a loooong time on a disk with a lot of files.
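The Windows steps above, scripted as an added example (not from the original post and not Microsoft's own guidance): it uses the Defender PowerShell cmdlets, assumed to be present on Windows 10/11, to refresh signatures, run the full scan, and list detections from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: refresh Defender signatures,
# run a full scan of all fixed volumes, then list what the scan detected.
# Assumes Windows 10/11 with the built-in Defender PowerShell module.

$before = Get-MpComputerStatus
"Signatures before update: {0} (last updated {1})" -f `
    $before.AntivirusSignatureVersion, $before.AntivirusSignatureLastUpdated

# Pull current definitions from Microsoft Update, as the post suggests.
Update-MpSignature -UpdateSource MicrosoftUpdateServer

$after = Get-MpComputerStatus
"Signatures after update:  {0} (last updated {1})" -f `
    $after.AntivirusSignatureVersion, $after.AntivirusSignatureLastUpdated

# Adrozek disables updates and makes other harmful changes, so confirm
# protection is actually on before trusting a scan result.
if (-not $after.AntivirusEnabled -or -not $after.RealTimeProtectionEnabled) {
    Write-Warning "Defender or real-time protection is off; investigate before relying on this scan."
}

# Full scan of all volumes; this blocks until done and can take a long time.
$scanStart = Get-Date
"Full scan started at $scanStart"
Start-MpScan -ScanType FullScan
"Full scan finished at $((Get-MpComputerStatus).FullScanEndTime)"

# Report detections recorded during this scan, joined to their threat names.
$threats = @{}
Get-MpThreat | ForEach-Object { $threats[$_.ThreatID] = $_.ThreatName }
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $scanStart } |
    ForEach-Object {
        [pscustomobject]@{
            Threat    = $threats[$_.ThreatID]
            Detected  = $_.InitialDetectionTime
            Resources = ($_.Resources -join '; ')
            Cleaned   = $_.ActionSuccess
        }
    } | Format-Table -AutoSize
```

If the signature version does not change after Update-MpSignature, check the Windows Update service itself before scanning, since a blocked updater is one of the behaviors the post describes.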

